Hello everyone,
I am learning the concept of jails and I am just testing things out using "Thick" jails (meaning an isolated complete userland for the jail). I have read the handbook and Absolute FreeBSD yet I am curious to find out which type of jails are you using in your environment, be it either your home network or work environments. In my case, I want to have jails for essential network services (DNS, DHCP, etc), migrate some of my home network services that are on Linux VMs to FreeBSD jails and then try out new things. I might migrate my linux services to Thick jails first and then see how it goes from there.
I see the following use cases and benefits
In my case, I am interested in having a default configuration for a new jail so it can be configured later. An example is I want to add a public ssh key to the root user so it can be auto configured with Ansible. That means that for the new jail, the ssh service must be configured and also the public key needs to be added to the root user. Creating a template using a thin jail might work for this case, right?
Can anyone share their experiences on using jails and what did you learn on your preferred setup? Thanks!
I am learning the concept of jails and I am just testing things out using "Thick" jails (meaning an isolated complete userland for the jail). I have read the handbook and Absolute FreeBSD yet I am curious to find out which type of jails are you using in your environment, be it either your home network or work environments. In my case, I want to have jails for essential network services (DNS, DHCP, etc), migrate some of my home network services that are on Linux VMs to FreeBSD jails and then try out new things. I might migrate my linux services to Thick jails first and then see how it goes from there.
I see the following use cases and benefits
- Thick jails: good for isolation yet heavy on maintenance and manual work.
- Thin jails: seize the benefits of ZFS datasets, and set default configuration on the dataset. Every other jail clones the dataset and then adds the jails packages and configuration on its own dataset. Might pose security or dependency risks based on how you configure the base template
- Nullfs jails: I read this on Absolute FreeBSD and it's wonderful that the base FreeBSD install is able to do this (which is like magic to me) but I really don't see a use case for this in a home network. Lots of space benefits but might be very hard to manage.
In my case, I am interested in having a default configuration for a new jail so it can be configured later. An example is I want to add a public ssh key to the root user so it can be auto configured with Ansible. That means that for the new jail, the ssh service must be configured and also the public key needs to be added to the root user. Creating a template using a thin jail might work for this case, right?
Can anyone share their experiences on using jails and what did you learn on your preferred setup? Thanks!
